.png "back to home page")
Someone inadvertently disclosed a critical vulnerability in Windows 10 and Server 2019. The flaw makes it possible to mount code-execution attacks that spread from vulnerable machine to vulnerable machine without any user interaction. There is currently no patch available.
— Dan Goodin (@dangoodin001) March 11, 2020
1/n https://t.co/fZixJOwJU6
The recent wormable CVE-2020-0796 that was not included in Microsoft's #PatchTuesday release shares similarities to the vulnerability exploited by the infamous #WannaCry ransomware. Learn how to prevent any potential attack below.https://t.co/T1CaLRgi5u
— Automox (@AutomoxApp) March 11, 2020
Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu | ZDNet #Microsoft #SMB #wormable #vulnerability #0day #CyberSecurity #nopatchyet @ZDNet https://t.co/h93omKfM2l
— Bob Carver ✭ (@cybersecboardrm) March 11, 2020
Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu
— Catalin Cimpanu (@campuscodi) March 10, 2020
- Bug is tracked as CVE-2020-0796
- Impacts SMBv3, and described as wormable
- Was announced in some security feeds, but not actually included with the March 2020 Patch Tuesdayhttps://t.co/wkDC8xj4vk pic.twitter.com/z8AQt3oKjA
So this is no doubt going to be fun. However, let's be realistic about risk:
— Jake Williams (@MalwareJake) March 10, 2020
1. Core SMB sits in kernel space and KASLR is great at mitigating exploitation.
2. Asssuming this is kernel space, any unsuccessful exploitation results in BSOD. 1/https://t.co/G1azjODKzM
According to Fortinet, the bug was described as "a #Buffer #Overflow Vulnerability in Microsoft SMB Servers" and received a maximum severity rating.https://t.co/Rx9AIKm6Ml
— Responsible Cyber (@R3sp_Cyb3r) March 11, 2020
Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu | ZDNet https://t.co/xHlhZOrIKp
— piyokango (@piyokango) March 11, 2020
Microsoft Patch Tuesday for March 2020 addresses 115 vulnerabilities with 26 of them labeled as Critical. https://t.co/YEwgoDiImT
— Qualys (@qualys) March 10, 2020
Make sure your infosec operations team can work remotely. Another WannaCry hitting healthcare orgs now would be a disaster. https://t.co/pDVbyZxLxA
— Chris Wysopal (@WeldPond) March 11, 2020
A critical bug in Microsoft's SMBv3 implementation was published under mysterious circumstances.https://t.co/8kGcNEpw7R
— Zack Whittaker (@zackwhittaker) March 11, 2020
MS, 윈10/서버2019에서 SMBv3 관련 취약점이 있음을 발표. 패치 일정은 밝히지 않았으나 우회책을 제시. https://t.co/un3o9XnNpy
— 푸른곰 (@purengom) March 11, 2020
CVE-2020-0796 affects version 3.1.1 of Microsoft’s SMB file-sharing system and was not included in Patch Tuesday. https://t.co/unaMyNtGWw via @InfoSecHotSpot pic.twitter.com/6diMYXsZJA
— Sean Harris (@InfoSecHotSpot) March 11, 2020
Microsoft fixed bugs across a range of products on patch Tuesday, issuing patches for 115 distinct CVEs, with 26 rated critical. https://t.co/pq4546XGr1 via @InfoSecHotSpot pic.twitter.com/3QsNplWhus
— Sean Harris (@InfoSecHotSpot) March 11, 2020
I'll tell ya, when has SMB NOT been a problem in Windows?! | Windows has a new wormable vulnerability, and there’s no patch in sight | @ArsTechnica https://t.co/GTkYuJ4OGt
— Tim Warner (@TechTrainerTim) March 11, 2020
This happens every month I swear https://t.co/LIaClEy8Km
— ?Kirb (@KirbApple) March 12, 2020
Windows has a new wormable vulnerability, and there’s no patch in sight. Critical bug in Microsoft's SMBv3 implementation. https://t.co/ZRj8M5a3Ni
— Gregg Housh (@GreggHoush) March 12, 2020